This is a discussion on Re: Freeradius, EAP-TTLS and eDirectory within the FreeRADIUS Users forums, part of the Networking and Network Related category.
Mariano Morano wrote:
> Hi all,
> We are working on an RFP and one of the customer's requirements is that we must support EAP-TTLS with Freeradius integrated with eDirectory as back-end.
>
> We were reading the Novell documentation and at the Novell page, there appears "How to integrate Novell® eDirectory™ 8.7.1 or later with FreeRADIUS 1.0.2 onwards to allow wireless authentication for eDirectory users." and it does not mention EAP-TTLS (only EAP-TLS).
>
> So, some questions:
>
> 1) First, can we use Freeradius with EAP-TTLS and eDirectory as back end?
> 2) If we can, what version of freeradius should we use?
> 3) Can someone send us information about how to do that?
>
> I would appreciate any help ASAP.
>
> Thanks in advance.
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Follow Novell's latest document about Integrate Novell® eDirectory™ with FreeRADIUS.

Then just make sure that these lines are present and uncommented in radius.conf:

    # radius.conf (on a fresh install these lines are present and uncommented in radius.conf)
    $INCLUDE ${confdir}/eap.conf
    authorize {
        eap
    }
    authenticate {
        eap
    }
    post-proxy {
        eap
    }

Then change eap.conf to look something like this...

    eap {
        default_eap_type = tls
        timer_expire = 60
        ignore_unknown_eap_types = no
        cisco_accounting_username_bug = no
        md5 {
        }
        leap {
        }
        gtc {
            #challenge = "Password: "
            auth_type = PAP
        }
        tls {
            private_key_password = example-password
            private_key_file = ${raddbdir}/certs/cert-srv.pem
            certificate_file = ${raddbdir}/certs/cert-srv.pem
            CA_file = ${raddbdir}/certs/root.pem
            dh_file = ${raddbdir}/certs/dh
            random_file = ${raddbdir}/certs/random
            fragment_size = 1024
            include_length = yes
        }
        ttls {
            # you may have to uncomment either one of these, depending on your configuration...
            # default_eap_type = md5
            # default_eap_type = pap
            # copy_request_to_tunnel = no
            use_tunneled_reply = no
        }
        # peap {
        #     default_eap_type = mschapv2
        #     copy_request_to_tunnel = no
        #     use_tunneled_reply = no
        #     proxy_tunneled_request_as_eap = yes
        # }
        mschapv2 {
        }
    }

Create the certificates... configure proxy.conf and client.conf and user.conf to suit your needs and you're ready to go.

Best Regards
Johann B.
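A pre-deployment check for a configuration like the one posted above, as an added example (not from the original post or the FreeRADIUS project): it parses the eap.conf block syntax and reports a missing or commented-out ttls block, missing certificate settings in the tls block (the ttls module relies on the tls block for its outer tunnel), and a private_key_password left at the example-password placeholder. The function names `parse` and `audit` and the sample text are assumptions made for this illustration.

```python
# Constructed sample: a trimmed copy of the eap.conf layout from the reply above.
SAMPLE = """
eap {
    tls {
        private_key_password = example-password
        private_key_file = ${raddbdir}/certs/cert-srv.pem
        certificate_file = ${raddbdir}/certs/cert-srv.pem
        CA_file = ${raddbdir}/certs/root.pem
    }
    ttls {
        # default_eap_type = md5
        use_tunneled_reply = no
    }
}
"""

def parse(text):
    """Parse 'name { key = value }' blocks into nested dicts (assumes no '#' inside values)."""
    stack = [{}]
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()        # drop comments
        if "=" in line:                            # key = value
            key, value = line.split("=", 1)
            stack[-1][key.strip()] = value.strip()
        elif line == "}" and len(stack) > 1:       # block closes
            stack.pop()
        elif line.endswith("{"):                   # block opens
            stack.append(stack[-1].setdefault(line[:-1].strip(), {}))
        elif line.endswith("}") and "{" in line:   # one-line empty block, e.g. "md5 { }"
            stack[-1][line.split("{", 1)[0].strip()] = {}
    return stack[0]

def audit(text, placeholders=("example-password",)):
    """Return findings that would stop or weaken an EAP-TTLS deployment."""
    eap = parse(text).get("eap", {})
    tls = eap.get("tls")
    findings = []
    if not isinstance(eap.get("ttls"), dict):
        findings.append("ttls block missing or commented out")
    if not isinstance(tls, dict):
        return findings + ["tls block missing: TTLS needs it for the outer tunnel"]
    for key in ("private_key_file", "certificate_file", "CA_file"):
        if key not in tls:
            findings.append(f"tls.{key} not set")
    if tls.get("private_key_password") in placeholders:
        findings.append("tls.private_key_password is still a placeholder")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)) or "no findings")
```

Pass the contents of the real eap.conf to `audit()` before restarting the server; an empty list means none of these three checks fired.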